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Abstract 


There are some circumstances where a Geolocation header field may contain more than one 
locationValue. Knowing the identity of the node adding the locationValue allows the recipient 
more freedom in selecting the value to look at first rather than relying solely on the order of the 
locationValues. This document defines the "loc-src" parameter so that the entity adding the 
locationValue to the Geolocation header field can identify itself using its hostname. This 
document updates RFC 6442. 


Status of This Memo 


This is an Internet Standards Track document. 


This document is a product of the Internet Engineering Task Force (IETF). It represents the 
consensus of the IETF community. It has received public review and has been approved for 
publication by the Internet Engineering Steering Group (IESG). Further information on Internet 
Standards is available in Section 2 of RFC 7841. 


Information about the current status of this document, any errata, and how to provide feedback 
on it may be obtained at https://www.rfc-editor.org/info/rfc8787. 


Copyright Notice 


Copyright (c) 2020 IETF Trust and the persons identified as the document authors. All rights 
reserved. 


This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF 
Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this 
document. Please review these documents carefully, as they describe your rights and restrictions 
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with respect to this document. Code Components extracted from this document must include 
Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are 
provided without warranty as described in the Simplified BSD License. 
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1. Introduction 


The SIP Geolocation specification [RFC6442] describes the "Geolocation" SIP header field, which is 
used to indicate that the SIP message is conveying location information. [RFC6442] specifies that 
SIP intermediaries should not add locationValues to a SIP request that already contains a 
locationValue. [RFC6442] also states that if a SIP intermediary adds location, it is fully responsible 
for addressing the concerns of any 424 (Bad Location Information) SIP response it receives. 
However, some communications architectures, such as 3GPP [TS23-167] and ETSI [M493], prefer 
to use information provided by edge proxies or acquired through the use of core-network nodes 
before using information provided solely by user equipment (UE). These solutions don't preclude 
the use of UE-provided location but require a means of being able to distinguish the identity of 
the node adding the locationValue to the SIP message from that provided by the UE. 
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[RFC6442] stipulates that the order of locationValues in the Geolocation header field is the same 
as the order in which they were added to the header field. Whilst this order provides guidance to 
the recipient as to which values were added to the message earlier in the communication chain, 
it does not identify which node added the locationValue. Knowing the identity of the entity that 
added the location to the message allows the recipient to choose which location to consider first 
rather than relying solely on the order of the locationValues in the Geolocation header field. 


This document extends the Geolocation header field of [RFC6442] by allowing an entity adding 
the locationValue to identify itself using a hostname. This is done by defining a new geoloc- 
param header field parameter, "loc-src". How the entity adding the locationValue to the header 
field obtains the location information is out of scope of this document. Please note that the "loc- 
src" parameter field does not alter the subject of the locationValue. 


2. Terminology 


The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD 
NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to 
be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in 
all capitals, as shown here. 


3. Rationale 


The primary intent of the "loc-src" parameter in this specification is for use in emergency calling. 
There are various architectures defined for providing emergency calling using SIP-based 
messaging. Each has its own characteristics with corresponding pros and cons. All of them allow 
the UE to provide location information; however, many also attach other sources of location 
information to support veracity checks, to provide backup information, or to be used as the 
primary location. 


This document does not comment on these various architectures or on the rationale for 
including multiple locationValues. It does recognize that these architectures exist and that there 
is a need to identify the entity adding the location information. 


The "loc-src" parameter adds the location source generating the locationValue to allow recipients 
to make informed decisions about which of the multiple values to use. 


The "loc-src" parameter is applicable within a single private administrative domain or between 
different administrative domains where there is a trust relationship between the domains. Thus, 
it is intended to use this parameter only in trust domains where Spec(T) as described in 
[RFC3325] exists. 


The "loc-src" parameter is not included in a SIP message sent to another network if there is no 
trust relationship. The "loc-src" parameter is not applicable if the administrative domain 
manages emergency calls in a way that does not require any generation of the location. 


The functional architecture to support emergency caller location described within ETSI [M493] is 
an example of an architecture where it makes sense to use this parameter. 
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4. Mechanism 


The mechanism adds a geoloc-param parameter to the locationValue defined in [RFC6442] that 
identifies the hostname of the entity adding the locationValue to the Geolocation header field. 
The Augmented BNF (ABNF) [RFC5234] for this parameter is shown in Figure 1. 


location-source = "loc-src" EQUAL hostname 
hostname = <defined in RFC 3261> 


Figure 1: Location Source 


Only a fully qualified host name is valid. The syntax does not support IP addresses, and if an 
entity conforming to this specification receives a Geolocation header field with a "loc-src" 
parameter containing an IP address, it MUST remove the parameter. 


A SIP intermediary conformant to this specification adding a locationValue to a Geolocation 
header field SHOULD also add a "loc-src" header field parameter so that it is clearly identified as 
the node adding the location. A User Agent (UA) MUST NOT insert a "loc-src" header field 
parameter. If a SIP intermediary receives a message from an untrusted source with the "loc-src 
parameter set, then it MUST remove the "loc-src" parameter before passing the message into a 
trusted network. 


W 


5. Example 


The following example shows a SIP INVITE message containing a Geolocation header field with 
two locationValues. The first locationValue points to a Presence Information Data Format 
Location Object (PIDF-LO) in the SIP body using a content-indirection (cid:) URI per [RFC4483], 
and this is provided by the UE. The second locationValue is an https URI provided by a SIP 
intermediary, which identifies itself using the "loc-src" parameter. 
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INVITE sip:bob@biloxi.example.com SIP/2.0 

Via: SIP/2.@/TLS pc33.atlanta.example.com;branch=z9hG4bK74bf9 

Max-Forwards: 70 

To: Bob <sip:bob@biloxi.example.com> 

From: Alice <sip:alice@atlanta.example.com>;tag=9fxced76sl1 

Call-ID: 3848276298220188511@atlanta.example.com 

Geolocation: <cid:target123@atlanta.example.com>, 
<https://lis.example.com:8222/y77syc7cuecbh>; 

loc-src=edgeproxy.example.com 

Geolocation-Routing: yes 

Accept: application/sdp, application/pidf+xml 

CSeq: 31862 INVITE 

Contact: <sip:alice@atlanta.example.com> 

Content-Type: multipart/mixed; boundary=boundary1 

Content-Length: 


Figure 2: Example Location Request (in Trust Domain) 


6. Privacy Considerations 


This document doesn't change any of the privacy considerations described in [RFC6442]. While 
the addition of the "loc-src" parameter identifies the entity that added the location in the 
signaling path, this addition provides little more exposure than adding a proxy identity to the 
Record-Route header field (privacy defined in [RFC3323]). 


7. Security Considerations 


This document introduces the ability of a SIP intermediary to insert a host name indicating that 
they added the specific locationValue to the Geolocation header field. The intent is for this field to 
be used by the location recipient in the event that the SIP message contains multiple 
locationValues. As a consequence, this parameter should only be used by the location recipient in 
a trusted network. Adding this parameter in an untrusted network serves solely to give location 
information to untrusted parties and is NOT RECOMMENDED. 


As already stated in [RFC6442], securing the location hop by hop, using TLS, protects the message 
from eavesdropping and modification in transit but exposes the information to all SIP 
intermediaries on the path as well as the endpoint. The "loc-src" parameter is applicable within a 
single private administrative domain or between different administrative domains where there 
is a relationship between the domains. If such a trust relationship is not given, it is strongly 
recommended to delete the location information. 


The use of this parameter is not restricted to a specific architecture, but using multiple locations 
and loc-src may end in compatibility issues. [RFC6442] already addresses the issue of multiple 
locations. To avoid problems of a possible corruption of the location information including the 
"loc-src" parameter when using an untrusted relationship, it is strongly recommended to delete 
location information when passed to another domain out of the trust domain. 
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8. IANA Considerations 


8.1. Registration of "loc-src" Parameter for Geolocation Header Field 


IANA has added a new SIP header field parameter for the Geolocation header field in the 
"Header Field Parameters and Parameter Values" subregistry (created by [RFC3968]) of the 
"Session Initiation Protocol (SIP) Parameters" registry found at <https://www.iana.org/ 
assignments/sip-parameters/>. 


Header Field: Geolocation 
Parameter Name: loc-src 
Predefined Values: No 


Reference: RFC 8787 
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